From any other PC I connect from I can log in to uvnc server; the wallpaper goes away and the target PC gets a balloon from the tray that win7 is now in basic video mode BUT no mouse or keystrokes (even the CTRL-ALT-DEL from the toolbar) are executed on the target PC.

Strange. I am now sure the password for VNC & View-Only are different and still, logging in to the server PC from a browser on another PC I can view the server desktop but cannot effect any control.
The symptoms as previously listed are unchanged.

this need a review of javaviewer part redirection port forwarding code source

edit added...
there only single port forwarding work with vncviewer but there double port forwarding with javaviewer,
for fix this issue, single port sharing java and winvnc, feature removed, Hope would come back and requested many time.

redge, I'm not sure I follow you -- it has to have the incoming transmission NATted to the private address in EITHER case, whether or not the port is redirected. What known issue do you mean?

My guess is mudshark would have the SAME issue when using the standard VNC viewer from the remote machine. Could you confirm, mudshark?

I think your "12345" port redirection should be fine, although there's no reason you couldn't simply tell your home PC to deliver the Javaviewer on 12345 instead of 5800; that way there would be no port redirection involved -- you'd go 12345>12345 at the router.

B wrote:My guess is mudshark would have the SAME issue when using the standard VNC viewer from the remote machine. Could you confirm, mudshark?

I do not know what you mean by "using the standard VNC viewer from the remote machine." See below for what I know and what I am trying to do.

B wrote:I think your "12345" port redirection should be fine, although there's no reason you couldn't simply tell your home PC to deliver the Javaviewer on 12345 instead of 5800; that way there would be no port redirection involved -- you'd go 12345>12345 at the router.

Here is what I want to do that is not working:
- Run UVNC server on my new 64-bit Windows 7 PC so I can use any browser from anywhere to access my PC remotely by way of entering a URL such as http://myDYNDNSname.org:NNNNN

I have this working on my old (32-bit) XP PC with an old version of UVNC. I assumed I ought to upgrade to newest UVNC for the usual reasons but more so for the 64-bit difference.

Here you show ports forwarding twice. Again, I do not understand. There are OUTSIDE (public, incoming) ports and private ports inside the LAN that go directly to a PC with a static IP address. That is a single forward only for each port that needs to be forwarded.

redge wrote:i know only old version have the single port sharing override this limitation. so you only need to forward 1 port and not 2 ports.anyway, there a rule of VNC port jump +10 or -105800 to 58995900 to 5999forward 5840 external to 5800 internalforward 5940 external to 5900 internal

I complete do not understand. It is here much more complex than it should be. Sorry to be so thick.

Well, yeah! The browser feature was always a nice-to-have, but is not where the real VNC action is, or was.

As long as you've already forwarded the VNC server's listening port at your router/firewall (which you have, if the browser viewer is working), you can use the full VNC viewer from a remote machine, connecting to your.machine.com::xxxx where xxxx is the listening port number and your.machine.com (or its public IP address) is the DNS name for the public IP address held by your VNC server's router.

That's the "normal" way to use VNC, though it's arguably a little less convenient than the browser viewer (you need to be able to run a VNC viewer, the UltraVNC version is only on Windows, etc., there may be firewall or proxy issues, etc.)

Keep in mind that <b>all</b> that the browser version you're using does is download a Java applet that then connects to the SAME open VNC server port as the regular VNC viewer would. That is, port 5800 just delivers the Java app, period. Port 5900 (or the port of your choosing) does the real VNC work in all cases.

OK, I don't know why I'd assumed the VIEWER was a LAN-only tool and across the internet I'd use a browser. Hated that via a browser the 8 character password limit.
I can carry the viewer on a flash drive I almost always have with me and thus use a DSM plug-in BUT THEN, if I should get stuck w/o my flash drive, I'd never be able to log in from just any browser.
* Agonizing decision *

a. You can do both, using the USB stick ordinarily but leaving the web version available on an obscure port with a good password.

b. You can always download a fresh copy of the standard VNC viewer, though it might be a little tricky if the encryption you've chosen is not public key. (Even then, you could leave yourself a key file downloadable from a password protected web or ftp site or e-mail account.)

There are about a zillion other ways to slice it too (VPNs and other tunnels, proxies, repeaters, etc.)

B wrote:You can do both, using the USB stick ordinarily but leaving the web version available on an obscure port with a good password.

I don't understand doing both.If the server has encryption=ON then I cannot use the browser method, which is limited to an 8-bit, unencrypted password. Right?If I can open an "obscure port" and have "a good password" then I don't need the VNCviewer app. But, & correct me if I'm wrong but, can you really have a good password of only 8 characters? This would seem to demand using the viewer app plus encryption.

Either way I've run into 2 problems, 1 for each access method!Problem #1: via web browser - At one server's location I cannot find a way to obscure the incoming port in their router (a Cicso RV016)! I can only open/forward ports that externally & internall match.. i.e. incoming port 12345 will only forward to 192.168.n.n:12345.At present for this location I have port 5800 forwarding to port 5800. (I assume the other 2 required ports, 5500 & 5900 are OK to not obscure.)Problem #2: via VNCviewer app - Can only get the viewer to work from inside the LAN *and* addressing the VNCserver by the machine's IP address. Using the viewer from outside the LAN never works. Using the URL (http://myname.dyndns.org:12345) in a browser (even off-LAN) does work. Using the viewer by specifying a hostname in or outside the LAN (even with the double :: such as http://myname.dyndns.org:12345) never works. Yes I test with the firewall=OFF.

B wrote:b. You can always download a fresh copy of the standard VNC viewer, though it might be a little tricky if the encryption you've chosen is not public key. (Even then, you could leave yourself a key file downloadable from a password protected web or ftp site or e-mail account.) There are about a zillion other ways to slice it too (VPNs and other tunnels, proxies, repeaters, etc.)

Sheesh! I can worry about encryption once I get the viewer working unencrypted!!
About the "standard VNC viewer"... Is THAT what goes on a USB key? I tried using the install pkgs to install the viewer to my key but all that did was not work on the key and break the viewer already installed on my PC!
Thanks much
RG

I believe you can make the DSM plugin usage available but optional, but don't hold me to that. And of course a good password can be 8 characters (particularly if you change it occasionally), as long as the server slows down a brute force guessing attack. (But again, I'm not sure how WinVNC reacts to such an attack.) As to trasmitting it in the clear, VNC doesn't actually do that; I believe it's hashed.

Re: "Problem #1", you don't need to keep using 5800 and 5900 on the WinVNC server itself -- just change the listening ports in the WinVNC server properties to match the ones you want your router to forward!

Re: "Problem #2", are you really entering "http://" each time? As I tried to make clear in another response to you, it is NOT appropriate to enter those kind of URLs into the normal VNC Viewer! Just enter the hostname::port as I mentioned.

Re: the VNC Viewer, it's pretty much a standalone executable. I've run multiple different versions from the same PC without much issue. You can just copy vncviewer.exe (from, for example, your installed UltraVNC directory) to your USB stick.

B wrote:Re: "Problem #1", you don't need to keep using 5800 and 5900 on the WinVNC server itself -- just change the listening ports in the WinVNC server properties to match the ones you want your router to forward!

I do not know what each port is for.I know that when I did have it working I had opened 3 ports thru the router: 5500, 5800, & 5900, with 5800 being obfuscated by a random 5-digit port for access to my server via a web browser. (The other 2 ports pass-thru at their actual port number.)Can you Identify what each port is for? Ought I close or obfuscate the other 2 ports?My ultimate intention is to have access to the VNCserver on my LAN and also to allow SC clients to get thru to a 'listening' viewer, but I'll get to that after I get past this 'cannot use viewer from outside the LAN' problem!

B wrote:Re: "Problem #2", are you really entering "http://" each time? Just enter the hostname::port.

Correct (sorry, I mistyped). When trying to access the server with the viewer am entering NOT a 'real' URL, am entering myname.dyndns.org::12345 which never works. (From browsers add the http:// at the beginning and use only 1 : and it does work.)Thanks for all you attention. It is very much appreciated. Rich

5900 is the meat-and-potatoes remote control port on a VNC "server". It's what VNC actually uses to communicate.

5800 is ONLY used as a "mini web server" to deliver the Java applet. Once that Java viewer applet is running, the applet connects back across port 5900 to do remote control.

5500 is used in "listening" reverse-connecting viewer AND in repeaters.

NONE of those port numbers are hard-coded; they can (and should in my estimation) all be changed to "obscure" high numbered ports when enabling Inbound Internet access.

If, for example, you changed them to 15900, 15800, and 15500 in the WinVNC server, listening viewer, and/or Repeater applications, you would just have your router forward those same ports through to the relevant server and/or repeater machines. (The port 5800 and 5900 connections should go to the SAME machine).

So if as you say you have just one VNC server on your internal LAN, and you want to have one listening viewer (and you're not using a repeater), you'd forward ports 15900 and 15800 (for example) to your VNC server PC and port 15500 (For example) to your listening VNC viewer PC. You'd also make sure those ports were defined in the VNC server and viewer properties.

When you connect with the remote VNC viewer, you'd use myname.dyndns.org::15900 -- NOT the same port number you'd use for the web client! Again, the web client's port number is ONLY for delivering the Java applet.

B wrote:When you connect with the remote VNC viewer, you'd use myname.dyndns.org::15900 -- NOT the same port number you'd use for the web client! Again, the web client's port number is ONLY for delivering the Java applet.

Ah. No, I was using the same port in the viewer as I was in the web client. Excellent. Thank you! And thank others here also.